Detecting DNS and HTTP Load Balancers using LBD

Load Balancing has becoming an important part of the network architecture, especially for companies which host applications accessed by millions around the world. Good examples of such companies would be Google, Facebook, MSN, YouTube etc. In most cases, Load Balancing for web applications in particular, happens using a DNS based balancer which cycles through the different IPs in the server farm in a round robin fashion, or using a HTTP Load Balancer device which multiplexes incoming connections to one of the servers in the farm.

As one can imagine from a pentest perspective, detection of load balancers is an important step in the information gathering stage. In this video we will look at a simple load balancing detector tool called Load Balancer Detector (LBD), which uses both DNS and HTTP based techniques to detect load balancers. During the tests, we find that the DNS detection works perfectly, however the HTTP based detection techniques, does give false positives at times (which the tool author acknowledges). LBD is included in the Backtrack 4 iso.

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net